System and method for secure message reply

ABSTRACT

A system and method whereby an unregistered, anonymous user at an organization's website makes a submission/inquiry and is able to access a secure response containing private information without pre-registering or establishing an account with the organization. A response to the user is made via an unsecured e-mail notification that provides the user with an HTTPS link to an authentication page. The user then enters his/her user identification, for example, the user email address and password which was associated with the original submission/inquiry. Once the email address and password are authenticated, the secure response message is displayed on the user's web browser in SSL. Each response is provided on a per-submission basis.

FIELD OF THE INVENTION

The present invention relates to a system and method for securely providing a reply via the Internet in response to an online submission made by an unregistered user. More particularly, but not by way of limitation, the present invention is a system and method for securely providing a reply containing private information to a prospect who has submitted an online submission and/or inquiry via a website without having the prospect first pre-register or establish an account.

BACKGROUND OF THE INVENTION

There is a need by organizations, such as businesses, to provide secure responses not only to an established customer, but also to an unregistered user or prospect. The prospect includes, for example, an unauthenticated visitor at a website who does not have an account with the organization associated with the website. The term “account” is not intended to be limiting and can apply to any type of record or documentation on the user, including, for example, in the context of a banking website, a credit card account, checking account, etc.

Although the capability to securely accept communications via the Internet may exist, there is not an effective and efficient way to reply to an unregistered prospect via the Internet in a secure form so that the prospect may remain anonymous. Therefore, private and/or confidential information is not included in replies to unregistered prospects via the Internet. Secure replies are limited to those registered users who have been authenticated and have an established account. Further, there is not an efficient and cost-effective way to incorporate existing infrastructure to provide the secure replies to the unregistered users.

Accordingly, there is a need for a system and method for securely providing a reply via the Internet in response to an online submission made by an unregistered user or prospect.

SUMMARY OF THE INVENTION

An embodiment of the present invention is a system and method whereby an unregistered user or prospect may go to an organization's website with a submission or inquiry, and receive a secure response from the organization without establishing an account with the organization. There is no requirement for the prospect to “log on.” The submission may be, for example, a loan application made to a financial services institution. The loan application by the unregistered prospect may contain private information about the prospect which he/she sends via a secure website. The response from a customer service representative at the financial services institution is also provided in a secure manner via the Internet, although the prospect did not pre-register and remains anonymous. The response may include the prospect's private information that was in the original submission, such as, an account number, a balance, or other additional private information. Although reference is made to the Internet, other communication systems are also within the scope of the invention.

An embodiment of the present invention provides that the prospect enter a prospect-created password as part of the original submission. In a further embodiment, the password is required to satisfy certain security requirements in terms of length and character combinations so that it cannot be easily guessed by another person. A secure relationship is created on a per-submission basis. For each submission he/she sends via the website, the prospect can use a different password (a different identification). The prospect is able to retrieve a return message in a secure manner because he/she is the only one who knows what was entered as the password. The prospect remains anonymous in the transaction to protect his/her privacy. Other embodiments include providing a user name along with a password, wherein the user name is the email address of the prospect. A different email address may also be provided by the prospect as the user name. Other embodiments involve passwords and/or other types of identifiers that have been provided to the prospect.

An embodiment of the present invention comprises the following steps: A user at a personal computer, kiosk, etc. enters a website, for example a website of a mortgage lender, and completes a “contact us” form wherein the user identifies himself/herself and provides specific information. The user provides a shared password for that particular communication. In this embodiment, the information is sent to an Internet Email Workflow Application (IEWA). A customer service representative, after verifying the user and the required data, prepares a reply to the user. A copy of the reply is placed in the web server. The reply may be made available for only a specified period of time, for example, 30 days. A notification email is sent (e.g., Simple Mail Transfer Protocol) to the user to securely retrieve the reply without any additional information. The notification, for example, takes the form of providing the user with a hyperlink of a Uniform Resource Locator in the notification email and an authentication screen is displayed whereby the user is asked for his/her identification and a password. Once authenticated, the secure reply is presented to the user.

Although examples of certain types of online forms have been identified, these examples are not meant to be limiting. There are countless varieties of online forms that may be used, such as, online forms pertaining to credit cards, loans, change of addresses, registration, identification, resumes, surveys, technical problems, etc.

As discussed, an embodiment of the present invention provides for a secure dialogue on a per submission/inquiry basis. The same prospect may complete a second online form and provide a different email address as an identifier and a different password. There is no need for the prospect to register or establish a universal account. A level of anonymity is therefore maintained and privacy is enhanced. Further, the person accessing the website need not be a first-time prospect but may be an existing customer, and the submission need not be an online form but can be any type of submission pertaining to a variety of matters.

A further embodiment of the invention is a method for providing a secure response to a first party, comprising the steps of receiving a submission from the first party over a communications network, wherein the submission is directed to a second party and includes an identifier associated with the submission, and wherein the first party has not established a relationship with the second party. The steps further include receiving a response to the submission from the second party, storing the response for later retrieval by the first party or the second party, and sending a notification to the first party wherein the notification provides information for securely accessing the response. The steps also include receiving a second submission from the first party wherein the second submission comprises information for correlation to the identifier provided in the first submission, authenticating the first party, and permitting the first party to securely access the response from the second party.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings:

FIG. 1 is a system architecture diagram of an embodiment of the invention; and

FIG. 2 is a system architecture diagram of an alternative embodiment of the invention.

DETAILED DESCRIPTION

Reference will now be made in detail to embodiments of the invention, one or more examples of which are illustrated in the accompanying drawing. Each example is provided by way of explanation of the invention, not as a limitation of the invention. It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope or spirit of the invention. For instance, features illustrated or described as part of one embodiment can be used on another embodiment to yield a still further embodiment. Thus, it is intended that the present invention cover such modifications and variations that come within the scope of the invention.

In an embodiment of the present invention, communication is submitted by a user visiting a web site. The communication may be, for example, forms-based, meaning a form with a preset design, such as an online application form or customer service communication form. The embodiment further comprises a secure e-mail messaging system, such as, an Internet Email Workflow Application (IEWA) that supports two way messaging and allows a business to receive and process customer communications sent via the web site. Communication from the Internet user is secured using, for example, SSL with 128-bit encryption.

Once a response has been prepared to the user's submission, communication to the user is made via an unsecured e-mail notification that provides the user with an HTTPS link to an authentication page. The user then enters his/her user identification, for example, the user's email address and password which was associated with the original submission. Once the email address and password are authenticated, the secure response message is displayed on the user's web browser in SSL.

Referring now to FIG. 1, the user (customer, prospect, etc.) through his/her web browser 1 visits a web site and provides a submission, for example, by filling in and submitting an online loan application form, using a secure connection (SSL) 2. The web server 3 hosting the web site converts the form into an email message, then encrypts the message 4, for example, using Entrust, and sends it, for example, to the IEWA Domino Server 5. If a password is included in the user's submission, and a customer service representative (CSR) 6 chooses to send a secure response 6a to the user, the following process takes place in accordance with an embodiment of the invention.

IEWA saves the secure response in the secure response database residing on the same Domino server 5 as the workflow database. Also, the secure response message is saved in the history section of the original message. A notification message 7, configurable by workflow administrators, is sent to the user's email address with instructions on how to access the secure response via a web browser in SSL connection. If the above notification message 7 is bounced, IEWA locates the original message in the workflow database and marks the message status as bounced.

When the user attempts to retrieve 8, 8a the secure response in an SSL session using the link provided in the notification message, he or she is prompted to enter the email address and password that was provided in his or her initial request message. The page will make HTTPS connections 9 to the IEWA Domino Server for the secure response content. If the email address and password combination is correct, the response message will be displayed on the user's web browser in SSL. Otherwise, the user will be asked to reenter the email address and the password. If the user fails to provide the correct combination for, for example, six consecutive times, the secure response will be disabled/locked from the secure response database. Time and status of the user's attempts to retrieve the secure response are recorded in the history section of the original message. Regardless of user success or failure to retrieve the response message, the secure response is disabled/locked in the secure response database after, for example, seven days. IEWA removes the disabled/locked secure response from the secure response database after a specified number of days.
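The retrieval rules described above (prompt for email address and password, lock after six consecutive failures, lock after seven days regardless of outcome, record each attempt), sketched as an added Python example; it is not code from the patent or from IEWA. The `token` carried in the notification link, the salted PBKDF2 password storage and all class and function names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_FAILURES = 6              # "six consecutive times" in the description
LOCK_AFTER = 7 * 24 * 3600    # "seven days", in seconds

def derive(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2; the page does not say how the password is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class SecureResponse:
    email: str
    salt: bytes
    pw_hash: bytes
    body: str
    created: float
    failures: int = 0
    locked: bool = False
    history: list = field(default_factory=list)   # (time, status) per attempt

class SecureResponseStore:
    def __init__(self):
        self.db = {}   # hypothetical link token -> SecureResponse

    def save(self, token, email, password, body, now):
        salt = os.urandom(16)
        self.db[token] = SecureResponse(email, salt, derive(password, salt), body, now)

    def retrieve(self, token, email, password, now):
        rec = self.db.get(token)
        if rec is None:
            return ("denied", None)
        if now - rec.created > LOCK_AFTER:
            rec.locked = True              # time lock applies regardless of outcome
        if not rec.locked:
            # Evaluate both comparisons, in constant time, before deciding.
            pw_ok = hmac.compare_digest(derive(password, rec.salt), rec.pw_hash)
            email_ok = hmac.compare_digest(email.encode(), rec.email.encode())
            if pw_ok and email_ok:
                rec.failures = 0           # only consecutive failures count
                rec.history.append((now, "ok"))
                return ("ok", rec.body)
            rec.failures += 1
            rec.locked = rec.failures >= MAX_FAILURES
            if not rec.locked:
                rec.history.append((now, "retry"))
                return ("retry", None)
        rec.history.append((now, "locked"))
        return ("locked", None)
```

Because the lock is per response, anyone who learns the link can exhaust the six attempts and deny the legitimate user access to that one reply; the recorded history is what lets an operator see that this happened.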

FIG. 2 is an alternate embodiment of the invention and illustrates that the system architecture need not involve separate web servers as depicted by the embodiment in FIG. 1.

Embodiments of the present invention have now been described in fulfillment of the above objects. It will be appreciated that these examples are merely illustrative of the invention. Many variations and modifications will be apparent to those skilled in the art. Although examples have been provided in the context of private information related to financial matters, the invention is not limited as such and is also applicable to private information related to, for example, health and other personal matters.

1. A method for providing a secure response to a first party, comprising the steps of: receiving, by a server, a first submission from the first party over a communications network, wherein the first submission is directed to a second party and includes an identifier associated with the first submission, and wherein the first party is not authenticated or registered with the second party; receiving, by a server, a response to the first submission from the second party; storing, by a server, the response for later retrieval by the first party or the second party; sending, by a server, a notification to the first party, wherein the notification provides information for securely accessing the response; receiving, by a server, a second submission from the first party wherein the second submission comprises information for correlation to the identifier provided in the first submission; authenticating, by a server, the first party; and permitting, by a server, the first party to securely access the response from the second party, wherein the first party cannot access the stored response until the first party is authenticated via the notification to the first party.
2. The method of claim 1 wherein the communications network is the Internet.
3. The method of claim 1 wherein the identifier is a password.
4. The method of claim 3 wherein the identifier further comprises a user name.
5. The method of claim 4 wherein the user name is an email address.
6. The method of claim 1 wherein the first party is a user at a client system.
7. The method of claim 6 wherein the user is a prospect.
8. The method of claim 1 wherein the first party pre-registered with the second party prior to the submission by the first party.
9. The method of claim 1 wherein the submission from the first party is forms-based.
10. The method of claim 1 wherein the submission from the first party contains private information about the first party.
11. The method of claim 1 wherein the submission from the first party is received through a secure system.
12. The method of claim 1 wherein the second party includes a customer service representative.
13. The method of claim 1 wherein the response to the submission contains private information about the first party.
14. The method of claim 1 wherein the notification is an unsecured email notification.
15. The method of claim 14 wherein if the notification is bounced, the first submission is located and marked to indicate that the notification was bounced.
16. The method of claim 1 wherein the information for securely accessing the response comprises a secure Hypertext Transfer Protocol link to an authentication page.
17. The method of claim 1 further comprising the step of: recording the attempts to access the response.
18. The method of claim 1 further comprising the step of: preventing access to the response after a predetermined time period.
19. The method of claim 1 further comprising the step of: preventing access to the response after a predetermined number of failed attempts.